CSE591: Security Policy Frameworks
		    Scott Stoller and Annie Liu
	 Homework 4.  Version: 22 Apr 2005.  Due 28 Apr 2005.

Section 2.6 of [LMW05] describes usage of their security policy
analysis framework.  Give two <<analysis problem, expected answer>>
pairs for Moritz Becker's EHR policy in Cassandra.  It is fine to give
analysis problems that can be expressed in the [LMW05] framework, but
you are also free to propose other properties that you think should be
checked for each proposed change to the EHR policy.  In the latter
case, don't worry about expressing the properties formally; clear
English descriptions are also fine.

Note: Since the analysis problems in [LMW05] are defined in terms of
role membership, you may interpret the membership of a Cassandra role
as the set of entities that can activate the role.

[LMW05] Ninghui Li, John C. Mitchell, and William
H. Winsborough. Beyond Proof-of-compliance: Security Analysis in Trust
Management. Journal of the ACM, to appear. Preliminary version
appeared in Proc. IEEE Symposium on Security and Privacy, May 2003.